The Revised Uniform Fiduciary Access to Digital Assets Act, which became effective in Minnesota earlier this year, has largely resolved the Catch-22 that faces trustees and estate administrators by creating a workable framework for disposing of digital assets after death. Attorneys who do estate planning work should familiarize themselves and their clients with its terms.

Cloud computing has made our lives much easier, but it has made our deaths more complex. Increasingly, our most significant physical possessions are taking on digital form. Photographs, letters, bank statements, even currency itself—these are just a few of the things that were known to us primarily as physical objects less than a generation ago, but which many of us now store digitally.

The “digital assets” that people own today include those that have physical analogs (for instance, letters and music) as well as those that do not (for instance, social media accounts). If such assets were held in the physical possession of a deceased person—on a computer, flash drive, or other device—they could be distributed in much the same manner as tangible property. Frequently, however, a decedent’s digital assets are maintained on the servers of a third party such as Facebook, Google, or an online bank. Until recently, this situation placed estate administrators in a troubling limbo. On the one hand, they have an obligation to gather and manage all of a decedent’s assets. On the other, they face imposing obstacles to accessing digital assets, including restrictive terms-of-service agreements and federal anti-hacking statutes.

Digital assets have risen to prominence in our culture so quickly that legislatures are only now stepping in to clarify things. This past August, the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) became effective in Minnesota and is codified as Minnesota Statutes §521A.01, et seq. (2016). As of July, 17 other states had passed versions of RUFADAA, and 13 others had introduced it in their legislatures. The act has largely resolved the Catch-22 that faces estate administrators by creating a workable framework for disposing of digital assets after death. As such, it is worthwhile for Minnesota lawyers to understand the basics of the statute, and also to understand basic best practices that their clients should implement in order to take advantage of its protections.

Overview of RUFADAA

The purpose of RUFADAA is straightforward. As its drafters at the Uniform Law Commission (ULC) put it, the act “gives Internet users the power to plan for the management and disposition of their digital assets in a similar way as they can make plans for their tangible property.”1

Arriving at the statutory language that achieves this objective was a far less simple matter. Before RUFADAA, there was UFADAA, the original Uniform Fiduciary Access to Digital Assets Act. Like RUFADAA, UFADAA attempted to resolve the difficulties facing executors, estate administrators, and others (RUFADAA uses the umbrella term “fiduciaries”) in accessing and distributing digital assets. The approach that UFADAA took to the issue was a simple one. It merely stated that existing law applicable to fiduciaries—which authorizes them to stand in the shoes of a deceased person for purposes of recovering his or her tangible property—also applied when fiduciaries sought access to digital assets.

While it had the benefit of simplicity, the approach proved disagreeable to technology companies. Those companies, which maintain user accounts containing digital assets and include the likes of Apple and Yahoo, are known as “custodians” under RUFADAA. Numerous custodians joined in a successful campaign against UFADAA, arguing among other things that the law, in giving fiduciaries access to the contents of email messages and other personal documents of the decedent, violated their users’ privacy. They also argued that UFADAA simply placed them, as opposed to fiduciaries, between a rock and a hard place, legally speaking. They pointed to a 1980s-era federal statute, the Stored Communications Act (SCA), which arguably prohibits custodians from turning over a user’s account to a third party. (The statute provides a “lawful consent” exception, but does not speak to the issue of whether a fiduciary, by virtue of its position alone, has such consent.) Custodians claimed that the UFADAA would require them to violate the SCA.

The tech industry drafted competing legislation, known as the Privacy Expectation Afterlife and Choices Act (PEAC). PEAC, however, had its own limitations, including a limited scope—it included email communications, for instance, but not other digital assets like cloud-stored files and blogs—and the burdensome need to obtain a court order formally authorizing a fiduciary to access a decedent’s digital property.

Ultimately, custodians and the Uniform Law Commission agreed to the approach embodied in RUFADAA, which takes account of the tech industry’s objections to the original legislation. Specifically, it limits a fiduciary’s access to the substance of certain digital content, unless the decedent affirmatively authorized it. In describing RUFADAA, the ULC states:

This act extends the traditional power of a fiduciary to manage tangible property to include management of a person’s digital assets. The act allows fiduciaries to manage digital property like computer files, web domains, and virtual currency, but restricts a fiduciary’s access to electronic communications such as email, text messages, and social media accounts unless the original user consented in a will, trust, power of attorney, or other record.2

While RUFADAA is more complex than its predecessor, it is clear enough. Under RUFADAA, the extent to which a fiduciary can access the digital assets of a decedent is dictated by one of several sets of terms, in descending order of authority.

Online tool: Under RUFADAA, custodians can create an “online tool,” separate from their terms of service, through which users can determine the extent to which their digital assets are revealed to third parties, including fiduciaries. (On Facebook, the online tool is known as Facebook Legacy Contact.) If a user has provided direction through the online tool, it will supersede conflicting directives, including those in a will.3

Will, trust, or power of attorney: The user can authorize access to his or her assets after death through a will or trust and, during his or her lifetime, through a power of attorney.4

Terms of service: If the user has not provided direction, the custodian’s terms of service apply.

RUFADAA default rules: If the terms of service do not cover the issue, RUFADAA’s default rules apply. Those default rules recognize multiple types of digital assets. For certain digital assets, like virtual currency, RUFADAA gives fiduciaries unrestricted access. For electronic communications, however, the statute does not provide fiduciaries access; instead, it allows them to access a “catalog” of communications consisting of metadata such as the addresses of the sender and recipient, as well as the date and the time the message was received.

For all actions taken in good faith under RUFADAA, custodians receive the legal protection of immunity.5

Best practices

Users should consider availing themselves of the online tool option whenever it’s offered, and in certain instances it will make sense to exercise that option. Of course, online tools only apply to the individual sites on which they appear. Users can secure blanket protection for themselves by including digital assets in their estate planning documents. They should include language identifying the fiduciary and the extent of access that he or she should be given to the user’s digital assets. (The documents should also make it clear that the provisions should be considered lawful consent under the Stored Communications Act and other relevant statutes.)

In conjunction with this estate planning, users should maintain an updated inventory of their digital assets, including accounts and passwords. They should be careful about revealing that inventory to third parties, however, as it presents a possible claim of a violation of the Computer Fraud and Abuse Act, in the event that a site’s terms of service prevent password sharing with third parties, as some do.

Lawyers will want to become familiar with the terms of service of various sites—especially those in which their clients hold significant digital assets. Yahoo’s terms of service, for instance, indicate that “any rights to your Yahoo ID or contents within your account terminate upon your death,” raising uncertainty over the extent to which a fiduciary could access them.6

Finally, lawyers should be aware of the choice-of-law provisions in various terms of service. Many point to California, where RUFADAA took effect at the end of September. If the terms select the law of a state where RUFADAA does not govern, however, there will be an argument that the fiduciary is back in the dreaded state of limbo.

While the digital revolution has introduced great convenience into our lives, it has also introduced great complexity into estate administration. By passing versions of RUFADAA, Minnesota and other states have mitigated some of that complexity and confusion. To secure the advantages offered by that statute, however, lawyers and their clients must actively make plans now for the disposition of their digital assets after death.

STEVEN ORLOFF is a partner in Robins Kaplan’s Estate and Trust practice group.